Smart integrated circuit

ABSTRACT

The present invention relates to a smart integrated circuit. 
This smart integrated circuit is characterized in that it has a main processor (1) and an operating system executing a main program (P1) for constituting a main task-performing process, at least one secondary processor (2) capable of concurrently executing at least one secondary program (P2) for constituting at least one secondary task-performing process, power supply circuits (6) common to the processors, and means for ensuring that the secondary processor or processors, with similar power consumption and different operating signatures, execute concurrently with the main process by continuously or intermittently inducing, in the power supply circuits, power disturbances that are superimposed on those of the main process so as to produce continuous or intermittent scrambling.

FIELD OF THE INVENTION

The invention relates to integrated circuits and, more particularly, to a smart integrated circuit.

DESCRIPTION OF RELATED ART

It is known that microprocessors, microcomputers or smart integrated circuits sequentially execute the instructions of a program stored in a memory, in sync with one or more timing signals referenced to clock signals supplied to the microprocessor, microcomputer or integrated circuit either internally or externally. A smart integrated circuit means an integrated circuit comprising specific circuits limited to the execution of a limited number of instructions or functionalities for which they have been specifically developed.

It has proven possible to trace the various phases of the execution of this program over time, since the execution of the instructions occurs sequentially in accordance with a process predetermined by this program, generally in sync with the clock signals that normally time the processor. In essence, any program involves a sequence of instructions that must be executed successively in an order known in advance, the start and end times of each instruction being precisely known since it is executed in accordance with a predetermined process which, for sophisticated means of analysis, has what may be called a recognizable “signature.” It is known that this signature of the process can, for example, be obtained from signals that measure the power consumed by the various electric circuits that are used by the instruction or sequence of instructions executed. It is therefore theoretically possible to know the nature of the instruction sequence that is being executed in the processing unit of the processor at a given moment, since the program that is running is constituted by this predetermined sequence of instructions, whose signature is known.

It is possible through such means to determine which particular instruction is being executed, as well as the data used by this instruction.

This capability of observing the details of the execution of a program in a microprocessor or microcomputer is a major drawback when this microprocessor or microcomputer is used in high-security applications. In essence, a malicious individual could thus learn the successive states of the processor and use this information to learn certain sensitive results of internal operations.

It is conceivable, for example, that a given action could occur at different times as a function of the result of a given protected operation, such as the verification of a piece of confidential internal information, the decryption of a message, or the integrity checking of certain information. Depending on the instant in question, one could for example act on the processor, or obtain the value of certain registers through physical analysis, so as to obtain information on the result or on the confidential content of the information, including, in the case of cryptographic calculations, the secret encryption key used.

There are known devices that provide a first improvement to protected microcomputers by equipping them with circuits that generate random clock pulses. This makes analysis particularly difficult, since synchronizing on events quickly becomes impracticable and the occurrence of an event becomes harder to predict.

However, this type of solution has many drawbacks.

First of all, the design of such circuits is particularly delicate and laborious, because it is impossible to simulate a random function throughout a circuit as complex as a microcomputer, and even more difficult to test these circuits after production in terms of their scrambled behavior. A random sequence of clock pulses is, in fact, very difficult to simulate for the testing of these circuits, but it is even more difficult to control all the behaviors of the logic circuit assembly of the processor, especially during the switching of signals in the internal busses and in the registers.

There is another known device that introduces a new architecture based on the use of a dummy memory that may be used or not used by the microprocessor in a way that is entirely non-synchronized relative to the external environment. This makes the observation of events and signatures particularly difficult.

However, the use of a random clock or a dummy memory, although it provides some advantageous improvements, does not change the basic behavior of the microprocessor, which is still sequential, even if the instructions that follow one another belong to different processes. Therefore, it is still theoretically possible to “filter out” the bad instructions and save only the good ones, and thus gain access to the information emanating from the microprocessor.

Another drawback resides in the fact that the execution contexts of the programs interrupted by dummy sequences must be saved and restored, which requires substantial memory resources.

SUMMARY OF THE INVENTION

One of the objects of the invention is to equip the smart integrated circuit with means that prohibit the type of analysis described above and, more generally, prevent any interpretation of the signals issuing from the processor or central processing unit. This type of circuit is called a “MUMIC” (Multi Untraceable MICrocomputer).

This object is achieved through the fact that the smart integrated circuit has a main processor and an operating system executing a main program for constituting a main task-performing process, at least one secondary processor capable of concurrently executing at least one secondary program for constituting at least one secondary task-performing process, power supply circuits common to the processors, and means for ensuring that the secondary processor or processors, with similar power consumption and different operating signatures, execute concurrently with the main task-performing process by continuously or intermittently inducing, in the power supply circuits, power disturbances that are superimposed on those of the main process so as to produce continuous or intermittent scrambling.

According to another characteristic, the main and secondary processors are each a protected microprocessor or microcomputer.

According to another characteristic, the activation of these means is triggered by the operating system of the main processor (1) of the smart integrated circuit, so that the additional security created by the above means depends only on a decision resulting from the main processor's running of the operating system, located at a place in the integrated circuit inaccessible from the outside.

According to another characteristic, the smart integrated circuit has a main memory dedicated to the main processor, containing the operating system in at least one part of the memory inaccessible from the outside and accessible by at least one of the two processors, and a secondary memory respectively dedicated to the secondary process.

According to another characteristic, the smart integrated circuit has at least one communication bus between the processors, their respective memories and an input/output circuit.

According to another characteristic, the smart integrated circuit is formed by logic circuits dispersed on the substrate or substrates in such a way that the physical layout of the two processors is achieved without any easily recognizable functional blocks, for example by physical interleaving but with a separate logical organization.

According to another characteristic, the secondary processor executes tasks of the secondary process that minimize or cancel out the operating signatures of the main processor.

According to another characteristic, the secondary processor executes tasks of the secondary process correlated to those of the main process executed by the main processor, in such a way that the intermediate processing results never appear during the process.

According to another characteristic, the secondary program uses a working space smaller than that of the main program.

A second object of the invention is to make it so that the main process can only run if the secondary process is operational.

This second object is achieved through the fact that the smart integrated circuit has communication means between the main processor and the secondary processor.

According to another characteristic, the communication means between the two processors allow the main processor to know whether or not the secondary processor is operational.

According to another characteristic, the communication means between the two processors allow the main processor to perform an authentication of the secondary processor.

According to another characteristic, the authentication or operational testing of the secondary processor is performed during the processing by the main processor.

According to another characteristic, the means for activating the secondary processor is controlled by the main processor and its main program, by an interrupt system, or by a timer, or even by a combination of the three.

A third object of the invention is to make it so that the secondary process implements a program that is totally different from the main program.

This third object is achieved through the fact that the secondary processor executes tasks of the secondary process that have no correlation to those of the main process executed by the main processor.

According to another characteristic, the secondary processor executes tasks of the secondary process that minimize or cancel out the operating signatures of the main processor.

A fourth object of the invention is for the secondary processor to execute a program whose signature causes effects different from those emanating from the main processor.

This fourth object is achieved through the fact that the secondary program implements a process correlated to the main process in such a way that the combination of the two processes provides an operating signature of the secondary processor which hides that of the main processor.

According to another characteristic, the secondary processor executes tasks correlated to those of the main processor, in such a way that the intermediate processing results never appear during the process.

A fifth object of the invention is to produce an original architecture using validated circuits, without having to create a new semiconductor technology or new manufacturing processes.

This fifth object is achieved through the fact that the secondary processor can substitute for the main processor and vice versa.

According to another characteristic, the secondary processor executes tasks correlated to those of the main processor by synchronizing the processes and comparing the values of two data elements, each issuing from the respective processor executing its respective program.

According to another characteristic, the secondary processor executes tasks correlated to those of the main processor by logically deducing the secondary program from the main program.

According to another characteristic, the smart integrated circuit comprises at least two processors, and each of the processors has a respective bus to which the RAMs and ROMs for each processor and the nonvolatile memory for the main processor are connected.

According to another characteristic, the smart integrated circuit comprises a plurality of processors, each of which is connected to one and the same multiplexed communication bus between the processors and a RAM, ROM and nonvolatile memory array connected to this bus, the contentions for access to this common bus being handled by an arbitration circuit.

According to another characteristic, the secondary processor executes, successively and in any order, either programs that are correlated or programs without any correlation to those executed by the main processor.

BRIEF DESCRIPTION OF THE DRAWINGS

Other characteristics and advantages of the invention will emerge more clearly in light of the following description, given in reference to the attached drawings in which:

FIG. 1 represents a logic diagram of an embodiment of the integrated circuit of the invention with two processors, each with its bus;

FIG. 2a represents an exemplary embodiment of a communication circuit between two processors of the circuit;

FIG. 2b represents the structure of a frame used in the communication between the two processors of the circuit;

FIG. 3 represents a diagram of an exemplary embodiment of the integrated circuit of the invention with two processors, with only one bus;

FIG. 4 represents a diagram of an exemplary embodiment of a protection by synchronizing and comparing two values of data elements issuing from each processor;

FIG. 5 represents an exemplary embodiment of a dual-port memory accessible through each port by a processor of the circuit;

FIG. 6 schematically represents a physical layout of the elements of the circuit according to the invention;

FIG. 7 represents a conventional layout of the elements of a two-processor circuit.

DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

The smart integrated circuit that is the subject of the invention is called a MUMIC (Multi Untraceable MICrocomputer), and a first variant of its logical configuration will be explained in connection with FIG. 1. This logical configuration is not representative of the physical configuration or the topology layout, as will be seen below. This smart integrated circuit is constituted by a main processor (1) and a secondary processor (2), each of the processors being connected by its respective communication (address, data and control) bus (3, 4) to respective memories (12, 13, 22) containing the main program (P1) and the secondary program (P2) to be executed by each of the respective main (1) and secondary (2) processors, and working registers such as, for example, volatile RAMs (11, 21). The memories connected to the secondary processor are “dummy” RAMs (DumRAM 21) and ROMs (DumROM 22), which allow the secondary processor (2) to execute tasks that are superimposed on those of the main processor (1). The operating system of the main processor is, for example, contained in a part of the ROM (12) inaccessible from the outside, but accessible by at least one of the two processors. Each processor (1, 2) has its own sequencer (19, 20 respectively). The integrated circuit according to the invention also comprises an input/output circuit (14) connected to the only bus, or to the bus of the main processor when the circuit is embodied according to a variant with several busses, and to the outside world, for example by contacts or a contactless linkage device, in order to receive signals from a terminal. A set of registers (R1, R2, R3) and an interrupt circuit (15) can be added to the processor that needs them to implement one of the variants of operation corresponding to a variant of embodiment described below. The three registers (R1, R2, R3) are connected to an interrupt generating circuit (15), which is connected to the interrupt inputs of the processor (in this case the main processor).

The operating system of the main processor (1) is the only one in the case of a master main processor/slave secondary processor variant, and is disposed in the ROM (12) accessible by the main processor. When necessary for the variants in which the processors can exchange roles, a second operating system or the same operating system can be made accessible to the secondary processor, for example through an access right token exchange and a checking of this access right before one processor passes control to the other. Likewise, an interrupt circuit can be added to each processor that needs one for the role it must play, particularly in the case where roles are exchanged or in the variant of embodiment of FIG. 2a.

The main program (P1) is contained in the nonvolatile memory (13), and the utilization of the dummy memories corresponds to that described in the French patent application published under the number FR 2 765 361, taking into account the fact that at least two processors of the smart integrated circuit can execute simultaneously. In such a case, the two types of memories (dummy and other) are used during the same periods, even if the bus is actually multiplexed.

The integrated circuit also comprises an input/output interface connected to at least one bus of the integrated circuit, which interface can be either parallel-to-parallel or parallel-to-serial. In a variant of embodiment, the working memory RAM (11) of the main processor (1) can be merged with the dummy RAM (21, DumRAM) of the secondary processor (2) to form a single dual-port memory, as represented in FIG. 5. These dual-port RAMs (11-21) use a pair of address registers (110, 210) to receive the address signals (ADD0, ADD1) and to allow access by the main (1) and secondary (2) processor, respectively. These dual-port RAMs (11-21) also use a first pair (111, 211) of data registers to allow data read access by the main (1) and secondary (2) processor, respectively. The outputs of the data registers are connected to amplifiers (113, 213), which deliver the data signals (D0, D1). Finally, these dual-port RAMs (11-21) also use a second pair (112, 212) of data registers to allow data write access by the main (1) and secondary (2) processors, respectively. This type of dual-port memory architecture is available from vendors such as Motorola or Texas Instruments. Synchronous or asynchronous dual-port memories make it possible to read- or write-access a memory address area through two separate channels. They are used, in particular, to control synchronization processes between two separate systems. The use of the dual-port memory to synchronize processes is based on the fact that the processors can access the memory through two independent (address and data) channels, either synchronously or asynchronously, and can share data, which can be used simultaneously.

The two processors (1, 2), their busses (3, 4) and their memories (11, 21; 12, 13, 22) are fed by common power supply circuits (6) in order to reduce the difference between the power usage of one processor and the other as much as possible. With the progress in semiconductor technologies, it is now actually possible to put on the same chip two processors that occupy only a few mm², and thereby obtain an economically viable solution, the added cost of the second processor being very low, especially when compared to the surface area occupied by the RAMs and programmable nonvolatile memories (NVM). It is suggested that placement and routing tools that make it possible to merge the processors into a single and unique design block be used. Normally, one skilled in the art who has to mount two processors on the same substrate with RAMs, ROMs and programmable nonvolatile memories will try to find the optimal grouping of the functions as well as the optimum path, and to comply with the timing constraints. This would lead him to adopt an architecture and layout very similar to the one represented in FIG. 7, in which the two processors (CPU1, CPU2) are mounted close to one another, the clock circuit (H) is close to the processors, the peripheral circuits (14) constituting the input/outputs are also adjacent to the processors, and so is what is known in the art as the logic “glue” G1, which is an array of logic elements necessary to the operation of the integrated circuit. The other elements constituting the RAMs (11 and 21), ROMs (12 and 22) and programmable NVMs (13) are disposed around it. One characteristic of the invention resides in the fact that the logical and arithmetical operators, as well as the control functions, are intermixed with one another at the level of the gates or elementary cells, so that the physical location of a cell belonging to a function cannot be determined a priori. Thus, each processor is divided into a certain number of elements, represented by squares or rectangles in FIG. 6. These elements can be installed amid other elements represented by circles and constituting the clock circuits, amid hexagonal elements constituting the logic “glue”, or even amid trapezoidal elements constituting the peripheral circuits, or finally amid a combination of these elements, as represented in FIG. 6. The physical layout of the circuits of the two processors is advantageously produced using this type of completely general topology, without the easily recognizable physical functional blocks that are normally present. Such a topology is used in “gate array” circuits, in which each cell of the matrix can participate in the execution of any function. This way, the two processors (1, 2) can be physically interleaved, despite a separate logical organization, to such a degree that two adjacent transistors can belong to either one of the processors or their associated circuits. This is made possible by the fact that the circuit class to which the field of microprocessor cards relates does not impose high performance in terms of clock cycles. This layout of the circuits is therefore especially conducive to ensuring the security of the assembly. Of course, the production of such circuits requires automatic computer-assisted layout in order to ensure proper routing of the signals and control of the functionalities. It is understood that the consumptions of the functional blocks are thereby perfectly interleaved and completely mixed.

Furthermore, the two processors can communicate either through a specific link, or through a set (50, 51, FIG. 2a) of communication registers connected to the busses (3, 4), or by cycle stealing through the bus of the other processor, or even through an arbitration logic in the case of a bus shared between the two processors, as represented in FIG. 3.

FIG. 2a represents, for example, a link using two registers (50, 51) operating in interrupt mode with the help of detection circuits (B1, B2), but it is also possible to use a dual-access register (5) with a protocol similar to that used in chip cards, i.e., one in which the main processor (1) is the master. In the exemplary embodiment according to FIG. 2a, a first register (50) provides the link between the bus (3) of the main processor (1) and that (4) of the secondary processor (2), while a second register (51) provides the link in the other direction. Each of the respective first (50) and second (51) registers is equipped with a respective first (B1) and second (B2) flip-flop, which moves to the active state when a piece of information has been posted in the corresponding register. The output of the first flip-flop (B1) is connected to the interrupt system of the secondary processor (2), while that of the second flip-flop (B2) is connected to the interrupt system of the main processor (1). The size of the registers is large enough to contain the requests and responses from each of the processors. FIG. 2b represents the structure of a frame with a header, a data field and an error detection field. Each frame can constitute either an information block (block I) or an acknowledgement block (block A), each of which can be transmitted in both directions. The header can be constituted by two bytes, the first giving the number of the block and the second its length. When a block is posted in the first register (50), the flip-flop produces a signal that is interpreted as an interrupt IT1 by the secondary processor (2), thus warning it that a message addressed to it is present in the first register (50). The secondary processor (2) can therefore acquire the block by reading the contents of the first register (50), then acknowledge the receipt of the block with an acknowledgement block (block A) posted in the second register (51), addressed to the main processor (1) and carrying the same number. This process is known in particular for allowing the chaining of blocks, although chaining is not absolutely necessary in the context of this invention. In each information block, the information field may itself be divided into two parts, a control field and a data field. The control field allows the main processor to send instructions to the secondary processor. For example, without limiting the list, there are the following commands: read, write, data check, authentication. When a command is received by the secondary processor (2), the latter acknowledges the receipt of this command with an acknowledgement block (block A) posted in the second register (51) and processes the command in question before posting a response in the second register (51), in the form of an information block (block I). The receipt of this block is acknowledged by the main processor (1) with an acknowledgement block posted in the first register (50), and so on. The numbering of the blocks makes it possible to repeat poorly transmitted or received data blocks. Naturally, the protocol for exchanging information between the main processor and the secondary processor can be used in the opposite direction.
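As an added illustration (not code from the patent), the block exchange just described can be modelled in C: the two registers with their flip-flops, I-blocks and A-blocks carrying the two-byte header, the secondary acknowledging with the same number, and a repeat of the block when no acknowledgement comes back. Everything beyond what the text specifies is an assumption of this model: the A-block is marked by the top bit of the number byte, the control field is the first byte of an I-block's information field, the error detection field is a CRC-16 with the CCITT polynomial, the registers hold 64 bytes, and the “data check” command answers with the XOR of the data bytes (the other commands only get a “not modelled” status).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define REG_SIZE 64      /* capacity of registers 50 and 51 (assumption) */
#define ACK_FLAG 0x80    /* top bit of the number byte marks an A-block (assumption) */
enum { CMD_READ = 1, CMD_WRITE = 2, CMD_CHECK = 3, CMD_AUTH = 4 };

typedef struct { uint8_t buf[REG_SIZE]; size_t len; int posted; } reg_t;          /* register + its flip-flop */
typedef struct { uint8_t number, cmd, data[REG_SIZE]; size_t dlen; } sec_state_t; /* request held by processor (2) */

/* Error detection field: CRC-16 with the CCITT polynomial (assumption; the text only says "error detection"). */
static uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t c = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        c ^= (uint16_t)(p[i] << 8);
        for (int b = 0; b < 8; b++)
            c = (uint16_t)((c & 0x8000) ? (c << 1) ^ 0x1021 : c << 1);
    }
    return c;
}

/* Frame of FIG. 2b: [number | ACK_FLAG][length][information field][crc hi][crc lo]. Returns 0 if it does not fit. */
size_t frame_build(uint8_t *out, uint8_t number, int is_ack, const uint8_t *info, size_t len) {
    if (number > 0x7F || len > REG_SIZE - 4) return 0;
    out[0] = (uint8_t)(number | (is_ack ? ACK_FLAG : 0));
    out[1] = (uint8_t)len;
    if (len) memcpy(out + 2, info, len);
    uint16_t c = crc16(out, len + 2);
    out[len + 2] = (uint8_t)(c >> 8);
    out[len + 3] = (uint8_t)(c & 0xFF);
    return len + 4;
}

/* Check length and CRC; on success return 1 and expose number, block type and information field. */
int frame_parse(const uint8_t *in, size_t n, uint8_t *number, int *is_ack, const uint8_t **info, size_t *len) {
    if (n < 4 || in[1] != n - 4) return 0;
    if (crc16(in, n - 2) != (uint16_t)((in[n - 2] << 8) | in[n - 1])) return 0;
    *number = in[0] & 0x7F;
    *is_ack = (in[0] & ACK_FLAG) != 0;
    *info = in + 2;
    *len = n - 4;
    return 1;
}

static void post(reg_t *r, const uint8_t *f, size_t n) { memcpy(r->buf, f, n); r->len = n; r->posted = 1; }

/* Processor (2) on interrupt IT1: read register 50 and acknowledge with the same number in register 51.
 * A frame that fails the check is dropped without acknowledgement, which is what makes the main repeat it. */
int secondary_on_it1(sec_state_t *s, reg_t *r50, reg_t *r51) {
    uint8_t num, f[REG_SIZE]; int ack; const uint8_t *info; size_t len;
    r50->posted = 0;
    if (!frame_parse(r50->buf, r50->len, &num, &ack, &info, &len) || ack || len < 1) return 0;
    s->number = num; s->cmd = info[0]; s->dlen = len - 1;
    memcpy(s->data, info + 1, s->dlen);
    post(r51, f, frame_build(f, num, 1, NULL, 0));
    return 1;
}

/* Processor (2): execute the stored command and post the I-block response in register 51. */
void secondary_respond(const sec_state_t *s, reg_t *r51) {
    uint8_t f[REG_SIZE], resp[2] = { s->cmd, 0xFF };           /* 0xFF: command not modelled here */
    if (s->cmd == CMD_CHECK) { resp[1] = 0; for (size_t i = 0; i < s->dlen; i++) resp[1] ^= s->data[i]; }
    post(r51, f, frame_build(f, s->number, 0, resp, 2));
}

/* Processor (1): send one command and return the response status byte, or -1 on failure.
 * `corrupt` flips a bit in register 50 after the first posting to model a transmission error;
 * the missing acknowledgement makes the main processor repeat the block with the same number. */
int main_command(reg_t *r50, reg_t *r51, sec_state_t *sec, uint8_t cmd, const uint8_t *data, size_t dlen, int corrupt) {
    static uint8_t next_number = 0;
    uint8_t num = (uint8_t)(next_number++ & 0x7F), f[REG_SIZE], info[REG_SIZE], rnum;
    int ack; const uint8_t *ri; size_t rlen;
    if (dlen > REG_SIZE - 5) return -1;
    info[0] = cmd;
    if (dlen) memcpy(info + 1, data, dlen);
    size_t n = frame_build(f, num, 0, info, dlen + 1);
    for (int attempt = 0; attempt < 3 && !r51->posted; attempt++) {
        post(r50, f, n);
        if (corrupt && attempt == 0) r50->buf[3] ^= 0x01;
        secondary_on_it1(sec, r50, r51);
    }
    if (!r51->posted) return -1;
    r51->posted = 0;
    if (!frame_parse(r51->buf, r51->len, &rnum, &ack, &ri, &rlen) || !ack || rnum != num) return -1;
    secondary_respond(sec, r51);
    r51->posted = 0;
    if (!frame_parse(r51->buf, r51->len, &rnum, &ack, &ri, &rlen) || ack || rnum != num || rlen != 2) return -1;
    post(r50, f, frame_build(f, num, 1, NULL, 0));               /* main acknowledges the response */
    return ri[1];
}

int main(void) {
    reg_t r50 = { {0}, 0, 0 }, r51 = { {0}, 0, 0 };
    sec_state_t sec = { 0, 0, {0}, 0 };
    const uint8_t d[3] = { 0x12, 0x34, 0x56 };                   /* constructed sample data */
    int clean = main_command(&r50, &r51, &sec, CMD_CHECK, d, 3, 0);
    int retried = main_command(&r50, &r51, &sec, CMD_CHECK, d, 3, 1);
    printf("data check: 0x%02x, after a corrupted first try: 0x%02x\n", clean, retried);
    return 0;
}
```

The repeat relies only on the block number, as in the text: the secondary never acknowledges a frame whose CRC fails, so the main sees flip-flop B2 still inactive and posts the same block again.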

The two programs (P1, P2) are respectively executed in the main (1) and secondary (2) processors in such a way that two instructions are executed simultaneously. It is also possible to phase shift the clock that controls the secondary processor (2) so that the instruction cycles do not exactly correspond in each of the processors. The shifts can also be made variable and random, which produces superimpositions of equally variable instruction cycles. These shifts can be generated by the sequencer (20) of the secondary processor (2).

One advantageous and economical solution consists of using a “dummy” RAM (DumRAM 21) of very small size for the “dummy” memory of the secondary processor (2). In essence, since this memory does not play any real functional role, its addressable space can be limited so that it takes up a minimum amount of space on the chip. This space can correspond, for example, to simply adding one or more lines of RAM to the RAM matrix, this space having its own address and data registers.

The secondary processor (2) can be allowed to run continuously, but it is preferable to use a communication channel between the two processors, which can advantageously be used to activate the secondary processor (2) and/or to indicate to the main processor (1) that the secondary processor is operational and/or actually performing tasks. The processors have at least two states: active or inactive. For example, the active state corresponds to the execution of a sequence of diverse operations, and the inactive state can be embodied by a wait loop that does not contain any operation. The passage from one state to another takes place via a communication mechanism between the processors. For example, the main processor can activate an inactive secondary processor by sending it an interrupt. In the variants of embodiment that use the activation mechanism, the processors each have either an interrupt line leading to at least one other processor, or a reset line. In fact, another, non-preferred way to cause the passage from the activated state to the deactivated state can consist of maintaining a reset signal sent to the processor that must be deactivated, and of removing it when the processor must move to the activated state. The activation means are therefore means that allow one processor to move the other from the activated state to the deactivated state and vice versa.

This can be done either by an authentication mechanism between the two processors, or by an activity register test mechanism. The authentication mechanism is triggered at the request of the main processor (1), or periodically, or even randomly. As soon as the main processor (1) detects an abnormality during the authentication, it can stop any operation, or put itself in a wait loop.

To do this, it is possible to use this type of operation in interrupt mode. When the interrupt is generated, for example by an abnormality detected at the level of the main processor (1), a dialog is established between the two processors in order to perform an authentication controlled by the main processor (1). This authentication consists, for example, of having the main processor (1) encrypt a data element using a key stored in a secret area of a programmable nonvolatile memory (13, NVM) connected to the bus (3) of the main processor (1). The encrypted data element is sent to the secondary processor (2) through the communication channel, and the secondary processor decrypts it, then returns the result to the main processor (1), which compares the result of the decryption to the original data element. If the result is correct, the main processor (1) can continue to work; if not, it enters a wait loop to wait for the next authentication. These mechanisms are known and do not pose any particular problem for one skilled in the art.
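The dialog above, written out as an added C example (not the patent's code): the main processor encrypts a data element with the key from its secret NVM area, the secondary decrypts it with its own copy of the key, and the main compares the answer with the original and parks itself in the wait loop on a mismatch. Two things are assumptions of this model rather than statements of the text: the cipher is a small 4-round Feistel network on a 64-bit block, used only so the example is self-contained (a real card would use a standard block cipher), and the data element is drawn fresh from a linear congruential generator standing in for the card's random source. The freshness is the check a practitioner would insist on: if the same data element were reused, a recording of an earlier answer would pass.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in cipher: 4-round Feistel network on a 64-bit block (assumption, not a recommendation). */
static uint32_t round_fn(uint32_t x, uint32_t k) {
    uint32_t v = (x ^ k) * 0x9E3779B1u;
    return v ^ (v >> 13) ^ (v << 7);
}
static void subkeys(uint64_t key, uint32_t k[4]) {
    for (int i = 0; i < 4; i++) k[i] = (uint32_t)(key >> (8 * i)) ^ (0x01010101u * (uint32_t)(i + 1));
}
/* Rounds with the final swap undone, so the same routine decrypts when the subkeys are reversed. */
static uint64_t feistel(uint64_t in, const uint32_t k[4]) {
    uint32_t l = (uint32_t)(in >> 32), r = (uint32_t)in;
    for (int i = 0; i < 4; i++) { uint32_t t = l ^ round_fn(r, k[i]); l = r; r = t; }
    return ((uint64_t)r << 32) | l;
}
uint64_t toy_encrypt(uint64_t block, uint64_t key) { uint32_t k[4]; subkeys(key, k); return feistel(block, k); }
uint64_t toy_decrypt(uint64_t block, uint64_t key) {
    uint32_t k[4], rk[4]; subkeys(key, k);
    for (int i = 0; i < 4; i++) rk[i] = k[3 - i];
    return feistel(block, rk);
}

typedef struct { uint64_t key; uint32_t rng; int in_wait_loop; } main_cpu_t;   /* key: secret NVM area (13) */
typedef struct { uint64_t key; } secondary_cpu_t;                              /* its provisioned copy of the key */

/* Fresh data element for every dialog: an answer recorded from an earlier dialog cannot pass.
 * The LCG stands in for the card's random source (assumption). */
static uint64_t next_challenge(main_cpu_t *m) {
    uint64_t v = 0;
    for (int i = 0; i < 2; i++) { m->rng = m->rng * 1664525u + 1013904223u; v = (v << 32) | m->rng; }
    return v;
}

/* Processor (2): decrypt what arrived through the communication channel and send the result back. */
uint64_t secondary_answer(const secondary_cpu_t *s, uint64_t encrypted) { return toy_decrypt(encrypted, s->key); }

/* Processor (1): one authentication dialog. Returns 1 if the secondary proved it holds the key;
 * otherwise the main processor enters its wait loop until the next authentication. */
int authenticate(main_cpu_t *m, const secondary_cpu_t *s) {
    uint64_t data = next_challenge(m);
    uint64_t encrypted = toy_encrypt(data, m->key);        /* posted to the secondary (register 50) */
    uint64_t answer = secondary_answer(s, encrypted);      /* comes back from the secondary (register 51) */
    if (answer != data) { m->in_wait_loop = 1; return 0; }
    m->in_wait_loop = 0;
    return 1;
}

int main(void) {
    main_cpu_t m = { 0x0123456789ABCDEFull, 42u, 0 };                                   /* constructed key and seed */
    secondary_cpu_t genuine = { 0x0123456789ABCDEFull }, impostor = { 0xFFFFFFFF00000000ull };
    int ok = authenticate(&m, &genuine);
    int bad = authenticate(&m, &impostor);
    printf("genuine: %d, impostor: %d, main processor in wait loop: %d\n", ok, bad, m.in_wait_loop);
    return 0;
}
```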

The main processor (1) can also test an activity register in the “dummy” RAM (DumRAM 21) of the secondary processor (2) and determine whether this register has actually changed since the previous test. If this register has not changed, the main processor can suspend its activity in a way similar to the preceding one.

In a variant, it is possible to use a copy of any part of the main program (P1) as the secondary program (P2), by initially pointing at random to an address and/or by operating on data different from that of the main program. This ensures that the secondary program executes instructions that are plausible but functionally useless.

It is also possible to have the secondary processor (2) execute a program correlated to the one that is executed by the main processor, in such a way that the intermediate processing results never appear during the execution. Let us assume, for example, that it is necessary to hide the result of an operation F by having each of the processors respectively execute two different functions f1 and f2 of F, chosen in such a way that the result of F can be obtained by a function g that combines these two different functions, so that F = g(f1, f2).
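One concrete choice of f1, f2 and g, as an added example that is not from the patent: every secret is split into two Boolean shares, the share-0 path (f1) and the share-1 path (f2) are evaluated separately, and g is the XOR that recombines them at the very end. Linear operations (XOR, rotation) act share by share; the nonlinear AND needs a fresh random byte, and the bracketing in masked_and is what keeps any unmasked intermediate from ever being a register value. What F is does not matter for the construction; the toy keyed byte function below and the linear congruential generator standing in for the card's random source are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint8_t s[2]; } shared_t;   /* s[0] lives in processor (1), s[1] in processor (2) */

static uint32_t rng_state = 0x12345678u;     /* LCG stand-in for the card's random source (assumption) */
static uint8_t fresh_random(void) { rng_state = rng_state * 1664525u + 1013904223u; return (uint8_t)(rng_state >> 24); }

/* Split a secret: x = s0 ^ s1 with s1 uniformly random, so each share alone is independent of x. */
shared_t split(uint8_t x) { shared_t v; v.s[1] = fresh_random(); v.s[0] = (uint8_t)(x ^ v.s[1]); return v; }
/* g: the only operation that produces the real value, done once at the end. */
uint8_t recombine(shared_t v) { return (uint8_t)(v.s[0] ^ v.s[1]); }

/* XOR is linear: each processor combines its own shares, nothing crosses the link. */
shared_t masked_xor(shared_t a, shared_t b) {
    shared_t c = { { (uint8_t)(a.s[0] ^ b.s[0]), (uint8_t)(a.s[1] ^ b.s[1]) } };
    return c;
}
/* AND is nonlinear: the cross terms need a fresh random byte (two-share ISW gadget). The bracketing
 * matters: r ^ (a0 & b1) is formed before (a1 & b0) is added, so a0&b1 ^ a1&b0 never exists as a value,
 * and no term ever combines the two shares of the same secret. */
shared_t masked_and(shared_t a, shared_t b) {
    uint8_t r = fresh_random();
    shared_t c;
    c.s[0] = (uint8_t)((a.s[0] & b.s[0]) ^ r);
    c.s[1] = (uint8_t)((a.s[1] & b.s[1]) ^ ((r ^ (a.s[0] & b.s[1])) ^ (a.s[1] & b.s[0])));
    return c;
}
static uint8_t rotl1(uint8_t y) { return (uint8_t)((y << 1) | (y >> 7)); }

/* The operation F to hide, computed in the clear for reference: a small keyed mixing step (assumption). */
uint8_t F_clear(uint8_t x, uint8_t k1, uint8_t k2) {
    uint8_t y = (uint8_t)(x ^ k1);
    return (uint8_t)((y & k2) ^ rotl1(y));
}
/* f1 and f2 together: the same formula over shares. Rotation is linear, so it is applied share-wise. */
shared_t F_masked(shared_t x, shared_t k1, shared_t k2) {
    shared_t y = masked_xor(x, k1);
    shared_t rot = { { rotl1(y.s[0]), rotl1(y.s[1]) } };
    return masked_xor(masked_and(y, k2), rot);
}
/* Whole flow of the text: split the inputs, run the two share paths, recombine with g. */
uint8_t F_via_shares(uint8_t x, uint8_t k1, uint8_t k2) {
    return recombine(F_masked(split(x), split(k1), split(k2)));
}
/* Check over all 256 inputs that g(f1, f2) equals F; returns the number of mismatches (0 when correct). */
int count_mismatches(uint8_t k1, uint8_t k2) {
    int bad = 0;
    for (int x = 0; x < 256; x++) bad += F_via_shares((uint8_t)x, k1, k2) != F_clear((uint8_t)x, k1, k2);
    return bad;
}

int main(void) {
    printf("mismatches between masked and clear F: %d\n", count_mismatches(0x3C, 0xA5));
    return 0;
}
```

In the real circuit the two share paths run on the two processors over the common power supply, so the consumption of either one correlates only with a masked share and the combination appears once, at g; the random byte in masked_and must come from a real random source, not a constant, or the masking collapses.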

In order to avoid the introduction of errors into the code and/or the data of the card, which also makes it possible to perform attacks on the chip card (differential fault analysis, DFA), it is suggested that “fault-intolerant” programs be installed. This introduction of errors is caused, in particular, by instantaneous modifications of the power supply and/or the clock (power/clock glitches). In the example below (a hypothetical communication program), the attacker tries to modify the behavior of the conditional jump (line 3) or the decrement (line 6), in order to receive data outside the storage area normally provided (answer_address + answer_length):

    1. b = answer_address
    2. a = answer_length
    3. if (a == 0) goto 8
    4. transmit(*b)
    5. b = b + 1
    6. a = a − 1
    7. goto 3
    8. ...

These “fault-intolerant” programs (i.e., programs capable of detecting faults) for chip cards by definition have redundant tasks, which are executed in the processors (CPUs) of a multiprocessor card.

At certain “synchronization” points formed by a hardware or software “lock,” such as a decremented physical or logical counter, or an atomic instruction of the transfer type (“swap,” “read-modify-write,” known in the prior art), the agreement of the redundant tasks in the execution of the program is verified by the main processor(s).

A discrepancy is considered by the processor that performed the verification as a sign of an attack. The introduction of errors into the code of the card by an attacker becomes much more complicated as a result of these verifications. In the above example, the attacker must succeed in modifying the behavior of two or more tasks in an identical way, which seems practically impossible (impracticable).

In practice, it is desirable to protect the integrity of the “critical”data of the program. For the variables, this protection can be achievedby duplication in memory. Each processor (CPU) then has its own copiesof the variables in question, which are stored in a truly functionalmemory and not a dummy memory. In our hypothetical example, thedecrement of the variable “a” (loop counter) can be protected by theinstruction sequence below, which is executed by each of the processors:

-   -   6 a=a−1    -   6′ SYNCHRONIZATION OF THE PROCESSORS    -   6″ if (a′!=a) goto attack

Where “a′” is a copy of the variable “a” used by the second processor,and in the case where “a” is different from “a′” the program jumps tothe so-called “attack” handling routine, which takes the necessarymeasures to protect the card.

For example, following the detection of an attack, there is a jump tothe “attack” label, and the “attack” handling routine will execute theappropriate operations, such as the resetting of the microprocessorsand/or the erasure of the keys in programmable nonvolatile memory, forexample of the E2PROM type.

It will be noted that it is also possible to directly protect the flowcontrol, i.e., the progress of the program. The protected critical dataelement in that case is the ordinal counter of the processors (oranother piece of information linked to the ordinal counter if theprocessors are not executing the same code). After each (conditional orunconditional) jump that needs to be protected, the redundant tasks mustcompare the information in the direction in which the respective jumpshave been made. In the hypothetical example given above, the conditionaljump in line 3 can then be protected by exchanging and comparing theordinal counter or the corresponding information in lines 4 and 8.
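The following is an added simulation, written for this page and not taken from the patent, of the communication loop of lines 1 to 8 in its unprotected form and in the redundant form described above: the loop counter is duplicated (a on CPU 1, a′ on CPU 2) and compared at the synchronization point of lines 6′ and 6″, and the direction of the conditional jump of line 3 is exchanged between the two CPUs before either side proceeds to line 4 or line 8. The two CPUs are represented by two copies of the state inside one C function; the memory image (an answer followed by bytes that must never leave the card), the glitch model (a skipped decrement or a forced jump on CPU 1 only) and the contents of the "attack" handler are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_OUT 64

/* Constructed memory image (assumption): a 4-byte answer at address 0 followed
   by 4 bytes that must never leave the card. */
static const uint8_t MEMORY[8] = { 0x41, 0x42, 0x43, 0x44, 0xDE, 0xAD, 0xBE, 0xEF };

typedef struct {
    uint8_t out[MAX_OUT];   /* bytes the card transmitted */
    size_t  n;              /* how many */
    int     attack;         /* 1 once the "attack" handler has run */
    int     keys_erased;    /* set by that handler */
} card_t;

/* Simulated glitches, applied to CPU 1 only; -1 means "no glitch". */
typedef struct {
    int skip_decr_at;   /* iteration at which line 6 (a=a-1) is skipped */
    int force_loop_at;  /* iteration at which line 3 is forced not to jump to 8 */
} glitch_t;

card_t card;   /* one card instance for the demonstration and the checks */

static void transmit(card_t *c, uint8_t byte)
{
    if (c->n < MAX_OUT)
        c->out[c->n++] = byte;
}

/* The page's "attack" routine; here it records the event and erases the
   (hypothetical) keys instead of resetting the processors. */
static void attack_handler(card_t *c)
{
    c->attack = 1;
    c->keys_erased = 1;
}

/* Lines 1-8 of the page on a single CPU, no redundancy. Returns bytes sent. */
size_t transmit_unprotected(card_t *c, size_t answer_address,
                            size_t answer_length, glitch_t g)
{
    memset(c, 0, sizeof *c);
    const uint8_t *b = MEMORY + answer_address;         /* 1 */
    size_t a = answer_length;                           /* 2 */
    for (int iter = 0; ; iter++) {
        int leave = (a == 0);                           /* 3: if (a==0) goto 8 */
        if (iter == g.force_loop_at) leave = 0;         /* glitched jump */
        if (leave) break;
        if (b >= MEMORY + sizeof MEMORY) break;         /* simulation guard only */
        transmit(c, *b);                                /* 4 */
        b++;                                            /* 5 */
        if (iter != g.skip_decr_at) a--;                /* 6 (skipped when glitched) */
    }                                                   /* 7: goto 3 */
    return c->n;                                        /* 8 */
}

/* Same loop with the countermeasures: a' duplicated on CPU 2 and compared at
   the synchronization point after line 6, and the direction of the jump in
   line 3 exchanged between the CPUs before either side proceeds. */
size_t transmit_redundant(card_t *c, size_t answer_address,
                          size_t answer_length, glitch_t g)
{
    memset(c, 0, sizeof *c);
    const uint8_t *b = MEMORY + answer_address;
    size_t a  = answer_length;     /* a  in CPU 1's own RAM (glitch target) */
    size_t a2 = answer_length;     /* a' in CPU 2's own RAM */
    for (int iter = 0; ; iter++) {
        int leave1 = (a == 0);                          /* CPU 1 evaluates line 3 */
        if (iter == g.force_loop_at) leave1 = 0;        /* glitched on CPU 1 */
        int leave2 = (a2 == 0);                         /* CPU 2 evaluates line 3 */
        if (leave1 != leave2) {                         /* flow-control check, lines 4/8 */
            attack_handler(c);
            return c->n;
        }
        if (leave1) break;
        transmit(c, *b);
        b++;
        if (iter != g.skip_decr_at) a--;                /* 6  on CPU 1 */
        a2--;                                           /* 6  on CPU 2 */
        if (a != a2) {                                  /* 6': sync, 6'': compare */
            attack_handler(c);
            return c->n;
        }
    }
    return c->n;
}

int main(void)
{
    glitch_t skip = { 0, -1 };
    size_t n1 = transmit_unprotected(&card, 0, 4, skip);
    printf("unprotected, decrement skipped: %zu bytes sent\n", n1);
    size_t n2 = transmit_redundant(&card, 0, 4, skip);
    printf("redundant,   decrement skipped: %zu bytes sent, attack=%d\n", n2, card.attack);
    return 0;
}
```

With the decrement skipped once, the unprotected loop sends one byte beyond the answer; with the jump of line 3 forced not to exit, it sends the whole image. The redundant loop stops at the first synchronization point after the glitch, never having sent more than the answer.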

The exchange and comparison operations can be performed either by software means (in a way similar to the instruction sequence 6-6″ described above), or by hardware means using a comparator (8) like that in FIG. 4, which is activated by a signal resulting from the synchronization operation and delivered to its validation input (80). The comparator (8) also receives through its other inputs (81, 82) the signals representing the values of the program counters (PC, PC′) of the main (1) and secondary (2) processors respectively.

In case of attack, the hardware comparator (8) sends an attack interrupt signal through its output (83), which triggers the processing of an interrupt; the appropriate operations are then performed through the interrupt mechanism of the microprocessors (for example, a reset interrupt).

One might be tempted to say that these mechanisms are similar to the conventional execution of programs in a two-processor system, but the mechanisms of the invention are very different:

The two processors are fed by the same circuits, in order to mix up the various instantaneous consumptions of the two processors and their associated circuits. They can be located on the same silicon substrate.

The signatures of the instructions executed by the secondary processor are capable of concealing the signatures of the instructions executed by the main processor.

The purpose of the secondary program is to execute functions that are different from those of the main program but that hide them. It is also possible to have the secondary process execute tasks without any correlation to the main program, or even incoherent tasks, or conversely, to have it perform tasks in parallel with the main process that are correlated to the latter, for the purpose of hiding them.

The size of the "dummy" RAM can often be much smaller than that required for the normal running of a program.

The main processor will only execute a program that is sensitive in terms of security if the secondary processor is authenticated and/or active.

The content of the "dummy" RAM is of no functional importance, since it is used only to scramble the traces of the power consumption in the memory array.

It is not necessary to save and restore the contexts of the secondary programs.

In another variant of embodiment, the main processor (1) activates a timer (R3) initialized either from the random generator (R1) or from the content of the programmable nonvolatile memory (13, NVM). This programmable nonvolatile memory (13) can contain a unique number that is modified with each use. When the timer (R3) runs out, at the end of a period that cannot be predicted from the outside, it triggers an authentication of the secondary processor (2) by the main processor (1).

In another variant of embodiment, the register (R2), after having been loaded with particular information (for example coming from a memory or from the random generator (R1)), can be used to trigger an interrupt.

In another variant of embodiment, a random generator (R1) is connected to the interrupt system (15) of the main microprocessor (1) in order to generate interrupts that are irregular and completely unsynchronized with the execution of the programs in the main processor (1). Of course, the interrupt may or may not be maskable, depending on the process in question. In this case, while the interrupt is masked, the assembly operates conventionally in single-processor mode, but as soon as the current main program (P1) wants to protect itself against possible observation, it enables this interrupt, which triggers the authentication and activation of the secondary processor (2).

In another variant of embodiment with a common bus shared between at least two processors, for example n processors, each processor (1a, 1b, . . . 1n, FIG. 3) is connected to a centralized arbitration logic (8) by three types of lines: a bus request line (31), a bus busy line (32), and a bus polling line (33) of the common bus (3). The first two types, request (31) and busy (32), are each constituted by a single line common to all the processors, while the last type, polling (33), is an individual line (33a, 33b, . . . 33n) to each of the n processors (1a, 1b, . . . 1n). All of the processors share, through the single bus (3), the RAM, the ROM, the programmable nonvolatile memory (NVM), and the input/output circuit (I/O).

A processor (for example 1a) that wants to acquire the bus (3) indicates this through the bus request line (31). Since that line is common, the arbiter (8) does not know which processor raised it; it interrogates the processors (1a, . . . , 1n) in accordance with a properly determined algorithm (for example cyclic interrogation, or bus polling) through the polling lines (33a, . . . , 33n) of the interrogated processors. The first interrogated processor that has requested the bus acquires it and activates the bus busy line (32). The arbiter (8) only resumes the interrogation once the bus (3) is released, i.e., when the signal on the bus busy line (32) passes from the active state to the inactive state. It is understood that the processors are connected to one and the same bus, to which they share access by time division multiplexing of these accesses.
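The following is an added simulation of the arbitration just described, written for this page and not taken from the patent: one request line (31) shared by all processors, one shared busy line (32), an individual polling line (33) per processor, and cyclic interrogation that resumes after the last processor served and only once the busy line has gone inactive. The number of processors (NPROC), the function names and the representation of the lines as integers are assumptions of the example.

```c
#include <stdio.h>

#define NPROC 4   /* processors 1a .. 1n; four is an assumption of the example */

typedef struct {
    int request[NPROC];   /* each processor's drive of the shared request line (31) */
    int polling[NPROC];   /* individual polling lines (33a .. 33n), 1 while interrogated */
    int busy;             /* shared bus busy line (32) */
    int owner;            /* processor currently holding bus (3), -1 if none */
    int next;             /* processor at which the cyclic interrogation resumes */
} arbiter_t;

arbiter_t arb;   /* one arbiter (8) for the common bus (3) */

void arbiter_init(arbiter_t *ar)
{
    for (int i = 0; i < NPROC; i++)
        ar->request[i] = ar->polling[i] = 0;
    ar->busy = 0;
    ar->owner = -1;
    ar->next = 0;
}

/* The shared request line (31) is active when any processor drives it. */
int bus_request_line(const arbiter_t *ar)
{
    for (int i = 0; i < NPROC; i++)
        if (ar->request[i]) return 1;
    return 0;
}

/* Processor `cpu` signals its wish to acquire the bus. */
void bus_request(arbiter_t *ar, int cpu)
{
    ar->request[cpu] = 1;
}

/* One arbitration round. Returns the processor granted the bus, or -1 when the
   bus is busy or nobody is requesting. The arbiter only sees the common request
   line, so it interrogates processors one by one over their polling lines; the
   first interrogated processor with a pending request wins and raises busy (32). */
int arbiter_round(arbiter_t *ar)
{
    if (ar->busy || !bus_request_line(ar))
        return -1;
    for (int i = 0; i < NPROC; i++) {
        int p = (ar->next + i) % NPROC;
        ar->polling[p] = 1;              /* interrogate p over line 33p */
        int wants = ar->request[p];      /* p answers on the request line */
        ar->polling[p] = 0;
        if (wants) {
            ar->request[p] = 0;          /* p's request is now satisfied */
            ar->owner = p;
            ar->busy = 1;                /* p activates the busy line */
            ar->next = (p + 1) % NPROC;  /* cyclic: resume after p next time */
            return p;
        }
    }
    return -1;   /* not reached: the request line was active */
}

/* The owner releases the bus: busy passes from active to inactive, and only
   then will the arbiter resume interrogation. Returns 0 if cpu does not hold it. */
int bus_release(arbiter_t *ar, int cpu)
{
    if (ar->owner != cpu)
        return 0;
    ar->owner = -1;
    ar->busy = 0;
    return 1;
}

int main(void)
{
    arbiter_init(&arb);
    bus_request(&arb, 2);
    bus_request(&arb, 0);
    int first = arbiter_round(&arb);
    bus_release(&arb, first);
    int second = arbiter_round(&arb);
    printf("grant order: %d then %d\n", first, second);
    return 0;
}
```

Because the grant is decided by the polling order rather than by who asked first, a processor cannot starve the others by re-asserting the request line: after it has been served the interrogation resumes from the next processor in the cycle.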

Of course, it is possible to combine the effects of the preceding embodiments, and it is not necessary for the scrambling to be done continuously.

Thus, when the main program (P1) executes functions that are not sensitive in terms of security, the scrambling produced by the invention can be made intermittent by intermittently reverting to single-processor operation, for example in order to deliver results to the outside world, for testing purposes, or even to mask the interrupts of the timer (R3) or the random generator. As soon as a protected function is implemented, the main program (P1) authorizes the operation of the secondary processor (2) in order to "scramble" the operation.

In fact, the security no longer results from the fact that the processor is randomly timed, as in the prior art, but is produced by the simultaneous execution of two programs (P1, P2) with different signatures by two processors (1, 2) fed by the same power sources.

The organization of the programs executed by the main processor (1) can be done in such a way that the operation of the main processor is controlled by a truly secure operating system, which decides on the type of scrambling to be used based on the type of program executed by the machine. In this case, it is the operating system of the main processor (1) that handles the various control signals from the secondary processor (2) as it sees fit. It is also clear that the secondary program (P2) can be used to perform functions useful to the main program (P1), including operations that can accelerate the global processing time. These operations can be constituted, for example, by preparations of calculations performed by the secondary program but ultimately used by the main program (P1). Of course, it is easy to generalize the mechanisms of the invention when the processor is operating in multiprogram mode, in which case the application programs can be considered as main programs.

The random generator and the timer seen above do not pose any particular production problems and are known to one skilled in the art when they are used separately for other uses that are not tied to the invention.

In another variant, it is possible to embody the invention in such a way that the two processors can alternately play the role of main processor and secondary processor. This assumes that a priority token is exchanged between the two processors in order to confer the role of master on either of the two processors at a given time.

Other modifications are also part of the spirit of the invention. The variants described with an embodiment limited to two processors can also apply to embodiments with several processors and are part of the invention. Thus, at any point in the specification the term ROM should be understood to be a ROM, but could also be replaced by a PROM, EPROM, EEPROM or any other type of programmable nonvolatile memory, ROM or RAM.

While this invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the preferred embodiments of the invention as set forth herein are intended to be illustrative, not limiting. Various changes may be made without departing from the true spirit and full scope of the invention as set forth herein and defined in the claims.

1. A smart integrated circuit, comprising a main processor (1) and an operating system executing a main program (P1) for constituting a main task-performing process, at least one secondary processor (2) capable of concurrently executing at least one secondary program (P2) for constituting at least one task-performing process, power supply circuits (6) common to the processors and means for activating the secondary processor to ensure that the secondary processor or processors with similar power and different operating signatures are executed concurrently with the main process by continuously or intermittently inducing, in the power supply circuits, power disturbances that are superimposed on those of the main task-performing process so as to produce a continuous or intermittent scrambling.
2. A smart integrated circuit according to claim 1, characterized in that the main or secondary processors are each a protected microprocessor or microcomputer.
3. A smart integrated circuit according to claim 1, characterized in that the activation of said means is triggered by the operating system of the main processor (1) of the smart integrated circuit, so that said means for activating the secondary processor creates additional security that depends only on a decision resulting from the main processor's running of the operating system located at a place in the integrated circuit inaccessible from the outside.
4. A smart integrated circuit according to claim 1, characterized in that it includes a main memory (12, 13) dedicated to the main processor (1), the operating system being contained in at least one part of the memory, said one part of the memory being externally inaccessible but accessible by at least one of the main or secondary processors (1, 2), and a secondary memory (21, 22) respectively dedicated to the secondary processor (2).
5. A smart integrated circuit according to claim 1, characterized in that it includes at least one communication bus (3, 4) between the main and secondary processors, their respective memories, and an input/output circuit.
6. A smart integrated circuit according to claim 1, characterized in that it includes logic circuits dispersed on a substrate or substrates, such that a physical layout of the main and secondary processors is achieved without any easily recognizable functional blocks.
7. A smart card as set forth in claim 6, wherein the physical layout comprises a physical interleaving of the main and secondary processors, but with a separate logical organization.
8. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks of the secondary process that minimize or cancel out operating signatures of the main processor (1).
9. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks of the secondary process correlated to those of the main process executed by the main processor (1) in such a way that the intermediate processing results never appear during the process.
10. A smart integrated circuit according to claim 1, characterized in that the secondary program (P2) has a usable working space smaller than that of the main program (P1).
11. A smart integrated circuit according to claim 1, further comprising communication means between the main processor (1) and the secondary processor (2).
12. A smart integrated circuit according to claim 11, characterized in that the communication means (50, 51, B1, B2) between the main and secondary processors allow the main processor (1) to know whether or not the secondary processor (2) is operational.
13. A smart integrated circuit according to claim 11, characterized in that the communication means between the two processors allow the main processor (1) to perform an authentication of the secondary processor (2).
14. A smart integrated circuit according to claim 11, characterized in that an authentication or operational testing of the secondary processor (2) is performed during the processing by the main processor (1).
15. A smart integrated circuit according to claim 14, characterized in that an authentication or operational testing of the secondary processor (2) is performed during the processing by the main processor (1).
16. A smart integrated circuit according to claim 1, characterized in that the means for activating the secondary processor (2) is controlled by the main processor (1) and its main program (P1), by an interrupt system (15) or by a timer (R3), or a combination of the three.
17. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks of the secondary process with no correlation to those of the main process executed by the main processor (1).
18. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks of the secondary process that minimize or cancel out the operating signatures of the main processor (1).
19. A smart integrated circuit according to claim 1, characterized in that the secondary program (P2) implements a process correlated to the main process, such that the combination of the two processes provides an operating signature of the secondary processor (2) which hides an operating signature of the main processor (1).
20. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks correlated to those of the main processor (1) in such a way that the intermediate processing results never appear during the process.
21. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) can substitute for the main processor (1) and vice versa.
22. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks correlated to those of the main processor (1) by synchronizing the processes and comparing the values of two data elements, each issuing from the respective processor executing its respective program.
23. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes tasks correlated to those of the main processor (1) by logically deducing the secondary program (P2) from the main program (P1).
24. A smart integrated circuit according to claim 1, characterized in that each of the main and secondary processors (1, 2) has a respective bus (3, 4) to which RAMs and ROMs for each processor and a nonvolatile memory for the main processor are connected.
25. A smart integrated circuit according to claim 1, characterized in that each of the processors is connected to one and the same multiplexed communication bus between the processors and a RAM, ROM and nonvolatile memory array connected to said bus, and further including an arbitration circuit (8) for managing the contentions for access to said common bus.
26. A smart integrated circuit according to claim 1, characterized in that the secondary processor (2) executes, successively and in any order, either programs that are correlated or programs without any correlation to those executed by the main processor (1).